Introduction to ISO27001: Information Security Standard
The International Organization for Standardization (ISO) develops standards on a range of subject areas which are adopted by organisations throughout the world. Some, such as ISO 9001 (Quality Management), are well known in the business world, and until recently ISO 27001 (Information Security) was one of the lesser known standards. The introduction of GDPR has thrown ISO 27001 into the spotlight as organisations of all sizes strive to find methods to demonstrate compliance with the new law. As you are no doubt aware, no single standard will ensure compliance with GDPR, as many of its requirements are outwith the scope of any certification or standard. Nevertheless, certifications such as ISO 27001 and Cyber Essentials can go some way to help demonstrate that your company is following best practice, and of course they will help keep your data safe. Many of our IT support customers across Glasgow, Edinburgh and central Scotland have approached us for guidance on whether ISO 27001 or Cyber Essentials is a good fit for their organisation. Red Mosquito are Approved Practitioners of Cyber Essentials, meaning we have been externally assessed and accredited as being able to help organisations implement the standards of Cyber Essentials. We are well placed to advise on which standard best suits the needs of your organisation. Our previous blogs on Cyber Essentials give a good overview of that process; we have outlined some key points on ISO 27001 below, and our consultants are able to provide detailed analysis of which certification would best suit your business needs.
Overview of ISO 27001
This standard was originally developed to:
“provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system (ISMS)”
It is suitable for organisations in any sector, though it is especially useful for organisations which process high volumes of data or hold information on behalf of other organisations. Certification requires development of an Information Security Management System (ISMS) which is subject to independent third-party verification by a Certifying Body in a two-stage auditing process. Certification lasts for 3 years, although annual surveillance visits by the Certifying Body are required. Embarking on the ISO 27001 journey is a big commitment in terms of time and money, but holding this internationally recognised certification does yield many benefits. It will help you:
- Improve the security of the information you hold
- Meet regulatory requirements including GDPR
- Demonstrate to clients, shareholders and other stakeholders that you have independently audited processes in place to protect information
- Have a competitive edge in a tendering process
The process of creating the ISMS will improve the security culture and awareness within your organisation as your team creates and formalises a framework of processes to ensure the confidentiality, integrity and availability of the information you hold. The ISMS does have some mandatory documentation requirements and controls that must be addressed (such as incident management and cryptography). Many organisations appoint a specialist consultant to guide them through the process, while others buy in documentation toolkits or approach the task completely independently. The key areas you are required to address include:
- Formalising a security policy
- Determining the scope of the ISMS
- Completing a risk assessment
- Identifying how you will manage risks and implementing controls
- Auditing your processes
How can Red Mosquito help?
Red Mosquito are happy to help any of our customers evaluate whether ISO 27001 or Cyber Essentials certification would be a good move for their organisation. We can also help with Cyber Essentials certification; more information is available here. Please get in touch with us today if you would like more information on either of these standards.
Red Mosquito provide IT support across Glasgow, Edinburgh and throughout the UK.